Dozens of data breaches, millions affected

During 2012, almost every industry -- from banking to insurance, government departments and even security companies that help to protect against such attacks -- was hacked or breached, and vast amounts of data were siphoned off from company networks.

Many of the successful attacks came from people who were part of, or connected with, the hacking collective Anonymous, but not all. From Social Security record breaches to a year of poor company policies on password and user details protection, along with massive hacking attacks that gave the ordinary citizen an insight into the shady private intelligence world, here's a look back at some of the major hacks, leaks and breaches of the year.

January: Symantec Norton source code theft

In January, hackers breached a network belonging to the Indian intelligence service and acquired a vast amount of Symantec's Norton anti-virus source code. It was subsequently posted on Pastebin, a site often used by hackers to post leaked data and source code anonymously.

Symantec was quick to state that the source code does not reflect the firm's current work. By analyzing the anti-malware source code, malware writers would be able to find weaknesses in order to bypass the software and hijack machines for malicious purposes. It's understood that the Indian authorities intended to inspect the source code, which was stolen from an insecure network.

February: Stratfor hacked, Anonymous hands emails to Wikileaks

Loosely knit hacking collective Anonymous successfully attacked Stratfor, a private U.S. intelligence firm, and swiped around five million emails. The data was then handed to Wikileaks for later publication. The email cache included invoices and details of sources connected to news media outlets, and employees of governments located around the world.

Once the full email cache was released, a controversy began when a number of Western Allied governments were accused of using TrapWire surveillance software. It was an overblown fear, not quite the 'global network of cameras' as suggested by a number of media outlets, but was nonetheless a potentially liberty-infringing network.

April: Anonymous attack Chinese Web sites, defense contracts stolen

A hacker associated with hacktivist collective Anonymous posted thousands of internal documents claimed to be associated with the Chinese government, most notably defense contracts signed by the country.

May: U.K. government caught snooping on citizen data

A U.K. government department was found snooping on citizen data, and many civil servants were reprimanded for looking at medical records, National Insurance numbers (the U.K. version of 'Social Security'), and even criminal records, according to a series of Freedom of Information requests.

June: LinkedIn password breach affects 6.46 million users

A Russian forum user claimed to have downloaded 6.46 million passwords belonging to LinkedIn users, though the stolen passwords were cryptographically hashed. However, many of those passwords weren't salted, meaning it was relatively easy to convert the simpler passwords into a readable format.

LinkedIn soon confirmed the data breach but did not explain how the passwords were accessed. Affected accounts were disabled and password reset emails were sent out. The later cleanup effort cost the professional social networking company around $1 million, and another $2-3 million in forensic work and security upgrades.

Password breach hits 1.5 million eHarmony users

Only a few days after the LinkedIn breach, dating Web site eHarmony was hit with a similar attack that led to the exposure of 1.5 million hashed passwords. The firm's security practices were not as strong. Its systems saved users' passwords in upper-case characters only, even when users had chosen multi-case passwords, further weakening the system.

Last.fm next in line to suffer massive password breach

Next in line to suffer a security breach in June was Last.fm, which after claims of a similar attack on the online music social network. (ZDNet and Last.fm are both owned by CBS).

It quickly became apparent that the incidents were linked, and they led to further widespread criticism of the password encryption standards and security features offered by Web services. In the aftermath, many Web sites and services bolstered their security to prevent such breaches occurring again.

While the breach was not as large as others, such as LinkedIn or Global Payments, details of the breach were soon reported and it quickly became apparent how easy it was to acquire the vast cache of data. The attack, a union-based SQL injection, showed just how weak Yahoo's security was.

Nvidia developer forums hacked, company investigates

Graphics unit maker Nvidia suffered a relatively minor security breach that affected the firm's developer forums. Coming only a few weeks after the LinkedIn, eHarmony, and Last.fm password debacles, the breach was not as bad by comparison as those suffered earlier.

The firm said that it had secured the hashed passwords with "random salt values" making it slightly more difficult for the passwords to be decrypted, but Nvidia still sent all of its forum users a temporary password that must be changed on first use.

Formspring password breach, mass password reset follows

Formspring was next on the list of companies to be attacked and have passwords stolen. As soon as the firm realized there had been a security breach, Formspring sent out an email to those affected asking them to change their password.

Around 420,000 password hashes were posted to a security forum, but usernames and other data were not posted, making the hashes almost impossible to do anything with. However, the form-based question firm used the SHA-256 algorithm to secure its users' accounts, and passwords were hashed with random salts. Formspring now uses bcrypt in order to secure accounts even further.
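The password-storage differences described in the LinkedIn, eHarmony and Formspring entries above, as an added example that is not part of the original article. The accounts are constructed; SHA-1 for the unsalted scheme, PBKDF2 as a standard-library stand-in for bcrypt, and the round count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users happen to choose the same password.
USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "tr0ub4dor&3"}
ROUNDS = 100_000  # illustrative work factor (assumption)

def unsalted_sha1(password):
    """Weak: fast hash with no salt, so equal passwords give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()

def upcased_unsalted(password):
    """Weaker still: case is discarded before hashing (upper-case-only storage)."""
    return unsalted_sha1(password.upper())

def salted_slow_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest

def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_slow_hash(password, salt)
    return hmac.compare_digest(candidate, stored)

def accounts_sharing_a_digest(table):
    """Audit check: number of accounts whose stored digest also appears elsewhere."""
    counts = Counter(table.values())
    return sum(1 for digest in table.values() if counts[digest] > 1)

def demo():
    weak = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    strong = {user: salted_slow_hash(pw) for user, pw in USERS.items()}
    return {
        "weak_shared": accounts_sharing_a_digest(weak),
        "strong_shared": accounts_sharing_a_digest(
            {user: digest for user, (_, digest) in strong.items()}),
        "case_collision": upcased_unsalted("Summer2012") == upcased_unsalted("sUMMER2012"),
        "verify_ok": verify("Summer2012", *strong["alice"]),
        "verify_wrong_case": verify("summer2012", *strong["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

Duplicate digests in a credential table are a quick audit signal that no per-user salt is in use; with salting, the two identical passwords above are stored as unrelated values.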

Eventually, the firm said that usernames and passwords stolen from other sites, such as LinkedIn, eHarmony, and Last.fm, were used to gain access to some Dropbox accounts. Along with this, a stolen password was also used to access a Dropbox employee's account with passwords as part of an internal project.

The firm then put in place additional security measures and has since implemented two-factor authentication, requiring two proofs of identity, such as those sent to your mobile device.

September: Apple's UDID leaks linked to Florida data breach, not FBI

With the rollout of iOS 6 imminent, a wave of unique iOS-powered device codes (UDIDs) were stolen by Anonymous, allegedly from the FBI, and were uploaded to the Web. UDID codes are used by developers for analytics, but could also be used to personally identify users. There was enough suspicion to suggest either Apple had passed on the device codes for FBI surveillance, or the iPhone and iPad maker was forced to. It blew up into a privacy brouhaha that lasted close to a fortnight.

Apple said, in a rare public statement, that the data had not been requested by the FBI and that it had not provided it to any organization. Eventually, after both Apple and the FBI denied any knowledge or involvement, a small company in Florida admitted to a data breach, which led to the UDID codes leaking to the Web. Apple's iOS 6 mobile operating system was rolled out only a few weeks later, which removed UDIDs from iOS-powered devices.

October: Ghostshell hacks universities, massive data breach

More than 36,600 email addresses were identified in the leaked data, and tens of thousands of university student, faculty, and staff names were disclosed. While the details of only one bank account were disclosed, much of the data included ethnic, nationality and other personally identifiable information, as well as a whole range of passwords.

The Ghostshell group is known for its higher education agenda, with focus not limited to tuition fees and troubles in the post-graduation job market.

South Carolina suffers huge Social Security records theft

The state of South Carolina suffered a massive data loss of more than 3.6 million Social Security records after government servers were breached. With a population of 4.6 million, this breach represented about 78 percent of the state's population. Some 16,000 unencrypted credit card details were also stolen.

The figure also included 670,000 businesses affected by the data breach. It took close to three weeks before the hack came to light after the U.S. Secret Service first received information regarding an incident on October 10, 2012.

Barnes & Noble credit card machines breached, card data stolen

Barnes & Noble had 63 stores hit -- including its flagship "world's largest bookstore" in New York City -- after hackers stole vast amounts of credit card data from around the United States. The data was stolen from the credit card machines that were part of the 63 stores' cash registers. A public letter said the book giant had disabled its 7,000 keypads in hundreds of its stores, despite only one store being hit in the successful hacking attack.

The hack was kept quiet for more than five weeks so that the U.S. Justice Dept. and the FBI could investigate. Barnes & Noble said it was "working with banks, payment card brands and issuers" to identify any accounts that may have been compromised.

November: Hacker leaks VMware ESX kernel source code to the Web

More from Anonymous, as hackers associated with the collective leaked the VMware ESX Server's kernel source code to the Web. The 2MB file (compressed) was small in size but the independently verified source code was out in the open.

Because kernel source code doesn't change much, "some core functionality still stays the same," the hacker said, indicating that users of the bare bones operating system-independent virtualization server could be at risk for future hacks. VMware said in a public statement that "more related files will be posted in the future," as the virtualization giant scrambled to update its platform to ensure its customers are secure.

December: Nationwide Mutual hacked, 1.1 million Americans affected

And last but not least, insurance giant Nationwide Mutual suffered a hack that affected 1.1 million Americans, according to the North Carolina Attorney General. It's thought that the hackers may have been from overseas, and may not have been on U.S. soil.

Customers' names, Social Security numbers, and driver's license details were all pilfered by the hackers, and the possibility that dates of birth, marital status, gender and employers' names were also taken could not be ruled out. The extent of the hack may not be realized until the early part of 2013. The insurance company prepared a statement and said it was "very sorry," but was not aware of "any misuse of customers' information."